jfwood/igor cr: 161417

## igor cr: 161417

        container_type = json_data.get('type')
        secret_refs = json_data.get('secret_refs')

        if not secret_refs:
            return json_data

        secret_refs_names = set(secret_ref.get('name', '')
                                for secret_ref in secret_refs)

[woodster: I think this entire block of new code should move down to below #635, as I think duplicate secret names or secret UUIDs are more possible failures than the wrong host name...just deferring this processing to a bit later down the line then.]
# Ensure that our secret refs are valid relative to our config, no
# spoofing allowed!
[hockeynut: comments should start in same column as the code]
[woodster: These first two comment lines (#605 and 606) should move over 4 spaces.]
        configured_host_href = CONF.host_href
        for secret_ref in secret_refs:
            if configured_host_href not in secret_ref:
# Houston, we have a problem!
[woodster: Yeah, as fun as this one is, probably better to get rid of line #610. :)]
                raise exception.SecretRefValidationErrorException(field='secret_ref',
                schema=schema_name,
                reason=u._("Secret ref does"
[hockeynut: need space between "does and the final closing quote

also I think there should be underscore between secret and ref.]
                "not match the"
[woodster: Please add 4 spaces to lines #614, 615 and 616.]
                "configured hostname, please"
[hockeynut: need space between "the" and the closing quote]
                "try again"
                ))

        self._assert_validity(
            len(secret_refs_names) == len(secret_refs),
            schema_name,
            u._("Duplicate reference names are not allowed"),
            "secret_refs")

        # The combination of container_id and secret_id is expected to be
        # primary key for container_secret so same secret id (ref) cannot be
        # used within a container
        secret_ids = set(self._get_secret_id_from_ref(secret_ref)

	container_type = json_data.get('type')
	secret_refs = json_data.get('secret_refs')

	if not secret_refs:
	return json_data

	secret_refs_names = set(secret_ref.get('name', '')
	for secret_ref in secret_refs)

	[woodster: I think this entire block of new code should move down to below #635, as I think duplicate secret names or secret UUIDs are more possible failures than the wrong host name...just deferring this processing to a bit later down the line then.]
	# Ensure that our secret refs are valid relative to our config, no
	# spoofing allowed!
	[hockeynut: comments should start in same column as the code]
	[woodster: These first two comment lines (#605 and 606) should move over 4 spaces.]
	configured_host_href = CONF.host_href
	for secret_ref in secret_refs:
	if configured_host_href not in secret_ref:
	# Houston, we have a problem!
	[woodster: Yeah, as fun as this one is, probably better to get rid of line #610. :)]
	raise exception.SecretRefValidationErrorException(field='secret_ref',
	schema=schema_name,
	reason=u._("Secret ref does"
	[hockeynut: need space between "does and the final closing quote

	also I think there should be underscore between secret and ref.]
	"not match the"
	[woodster: Please add 4 spaces to lines #614, 615 and 616.]
	"configured hostname, please"
	[hockeynut: need space between "the" and the closing quote]
	"try again"
	))

	self._assert_validity(
	len(secret_refs_names) == len(secret_refs),
	schema_name,
	u._("Duplicate reference names are not allowed"),
	"secret_refs")

	# The combination of container_id and secret_id is expected to be
	# primary key for container_secret so same secret id (ref) cannot be
	# used within a container
	secret_ids = set(self._get_secret_id_from_ref(secret_ref)